diff --git a/changelog.d/0-release-notes/WPB-23896 b/changelog.d/0-release-notes/WPB-23896
new file mode 100644
index 00000000000..92f70868a7d
--- /dev/null
+++ b/changelog.d/0-release-notes/WPB-23896
@@ -0,0 +1 @@
+Helm charts updates, specifying resources limit/requests.
diff --git a/changelog.d/5-internal/WPB-23896 b/changelog.d/5-internal/WPB-23896
new file mode 100644
index 00000000000..427474b0cde
--- /dev/null
+++ b/changelog.d/5-internal/WPB-23896
@@ -0,0 +1 @@
+Fixed SonarQube Helm template formatting and RBAC issues in charts/.
diff --git a/charts/backoffice/templates/tests/stern-integration.yaml b/charts/backoffice/templates/tests/stern-integration.yaml
index cbe0da5f117..e43b286c146 100644
--- a/charts/backoffice/templates/tests/stern-integration.yaml
+++ b/charts/backoffice/templates/tests/stern-integration.yaml
@@ -8,6 +8,7 @@ metadata:
app: stern-integration
release: {{ .Release.Name }}
spec:
+ automountServiceAccountToken: false
volumes:
- name: "stern-integration"
configMap:
@@ -53,6 +54,8 @@ spec:
requests:
memory: "128Mi"
cpu: "1"
+ limits:
+ memory: "256Mi"
env:
- name: TEST_XML
value: /tmp/result.xml
diff --git a/charts/cassandra-migrations/templates/cassandra-certs.yaml b/charts/cassandra-migrations/templates/cassandra-certs.yaml
index 3bea0c6f5d7..e3e455c7afe 100644
--- a/charts/cassandra-migrations/templates/cassandra-certs.yaml
+++ b/charts/cassandra-migrations/templates/cassandra-certs.yaml
@@ -15,7 +15,7 @@ metadata:
type: Opaque
data:
ca.pem: {{ include "tlsCaBrig" . | b64enc | quote }}
-{{- end}}
+{{- end }}
{{- if ne (trim (include "tlsCaGalley" .)) "" }}
---
apiVersion: v1
@@ -34,7 +34,7 @@ metadata:
type: Opaque
data:
ca.pem: {{ include "tlsCaGalley" . | b64enc | quote }}
-{{- end}}
+{{- end }}
{{- if ne (trim (include "tlsCaGundeck" .)) "" }}
---
apiVersion: v1
@@ -53,7 +53,7 @@ metadata:
type: Opaque
data:
ca.pem: {{ include "tlsCaGundeck" . | b64enc | quote }}
-{{- end}}
+{{- end }}
{{- if ne (trim (include "tlsCaSpar" .)) "" }}
---
apiVersion: v1
@@ -72,4 +72,4 @@ metadata:
type: Opaque
data:
ca.pem: {{ include "tlsCaSpar" . | b64enc | quote }}
-{{- end}}
+{{- end }}
diff --git a/charts/elasticsearch-index/templates/elasticsearch-ca-secret.yaml b/charts/elasticsearch-index/templates/elasticsearch-ca-secret.yaml
index 060d84e56a1..eef7f10de60 100644
--- a/charts/elasticsearch-index/templates/elasticsearch-ca-secret.yaml
+++ b/charts/elasticsearch-index/templates/elasticsearch-ca-secret.yaml
@@ -2,7 +2,7 @@
apiVersion: v1
kind: Secret
metadata:
- name: "{{ include "fullname" .}}-ca"
+ name: "{{ include "fullname" . }}-ca"
labels:
app: elasticsearch-index
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
diff --git a/charts/k8ssandra-test-cluster/templates/check-cluster-job.yaml b/charts/k8ssandra-test-cluster/templates/check-cluster-job.yaml
index 99739c53a3f..aae20dd1509 100644
--- a/charts/k8ssandra-test-cluster/templates/check-cluster-job.yaml
+++ b/charts/k8ssandra-test-cluster/templates/check-cluster-job.yaml
@@ -9,6 +9,7 @@ metadata:
spec:
template:
spec:
+ automountServiceAccountToken: false
containers:
- name: cassandra
image: cassandra:4.1.10
diff --git a/charts/nginx-ingress-services/templates/issuer.yaml b/charts/nginx-ingress-services/templates/issuer.yaml
index 3a1607a0742..5fb376ff9a7 100644
--- a/charts/nginx-ingress-services/templates/issuer.yaml
+++ b/charts/nginx-ingress-services/templates/issuer.yaml
@@ -3,7 +3,7 @@ apiVersion: cert-manager.io/v1
{{- if or (eq .Values.tls.issuer.kind "Issuer") (eq .Values.tls.issuer.kind "ClusterIssuer") }}
kind: "{{ .Values.tls.issuer.kind }}"
{{- else }}
-{{- fail (cat ".tls.issuer.kind can only be one of Issuer or ClusterIssuer, got: " .tls.issuer.kind )}}
+{{- fail (cat ".tls.issuer.kind can only be one of Issuer or ClusterIssuer, got: " .tls.issuer.kind ) }}
{{- end }}
metadata:
name: {{ include "nginx-ingress-services.getIssuerName" . | quote }}
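Review bot: The reformatted `fail` line still passes `.tls.issuer.kind` as the value to report, while the condition two lines above reads `.Values.tls.issuer.kind`. Assuming `.` is the root context here, as that condition suggests, `.tls` does not exist, so rendering would likely abort with a nil-pointer template error instead of the intended message. Since this line is being touched anyway, I would change it to `{{- fail (cat ".tls.issuer.kind can only be one of Issuer or ClusterIssuer, got: " .Values.tls.issuer.kind) }}`. The template starts above this hunk, so the context assumption should be confirmed against the full file.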
@@ -28,5 +28,5 @@ spec:
- http01:
ingress:
class: nginx
-{{- end }}
{{- end -}}
+{{- end }}
diff --git a/charts/nginz/templates/configmap.yaml b/charts/nginz/templates/configmap.yaml
index 69f1887056e..6ab968cac68 100644
--- a/charts/nginz/templates/configmap.yaml
+++ b/charts/nginz/templates/configmap.yaml
@@ -1,11 +1,10 @@
+{{- $nginxConf := .Values.nginx_conf }}
-{{- $nginx_conf := .Values.nginx_conf }}
-
-{{- if hasKey $nginx_conf "external_env_domain" }}
- {{- $external_env_domain := $nginx_conf.external_env_domain }}
- {{- range $nginx_conf.additional_external_env_domains }}
- {{- if eq $external_env_domain . }}
- {{- fail (printf "Error: external_env_domain (%s) cannot be part of additional_external_env_domains list." $external_env_domain) }}
+{{- if hasKey $nginxConf "external_env_domain" }}
+ {{- $externalEnvDomain := $nginxConf.external_env_domain }}
+ {{- range $nginxConf.additional_external_env_domains }}
+ {{- if eq $externalEnvDomain . }}
+ {{- fail (printf "Error: external_env_domain (%s) cannot be part of additional_external_env_domains list." $externalEnvDomain) }}
{{- end }}
{{- end }}
{{- end }}
@@ -26,46 +25,47 @@ kind: ConfigMap
metadata:
name: nginz-deeplink
data:
- {{- if and (hasKey .Values.nginx_conf "deeplink") (hasKey .Values.nginx_conf "external_env_domain") }}
- {{- $backendURL := .Values.nginx_conf.deeplink.endpoints.backendURL }}
- {{- $deeplink_json := $backendURL | replace "https://" "" | trimSuffix "/" | printf "%s-deeplink.json" }}
- {{- $deeplink_html := $backendURL | replace "https://" "" | trimSuffix "/" | printf "%s-deeplink.html" }}
- {{ $deeplink_json }}: |
+ {{- if and (hasKey $nginxConf "deeplink") (hasKey $nginxConf "external_env_domain") }}
+ {{- $deeplinkJson := $nginxConf.deeplink.endpoints.backendURL | replace "https://" "" | trimSuffix "/" | printf "%s-deeplink.json" }}
+ {{- $deeplinkHtml := $nginxConf.deeplink.endpoints.backendURL | replace "https://" "" | trimSuffix "/" | printf "%s-deeplink.html" }}
+ {{ $deeplinkJson }}: |
{{- $deeplink := dict
"endpoints" (dict
- "backendURL" .Values.nginx_conf.deeplink.endpoints.backendURL
- "backendWSURL" .Values.nginx_conf.deeplink.endpoints.backendWSURL
- "blackListURL" .Values.nginx_conf.deeplink.endpoints.blackListURL
- "teamsURL" .Values.nginx_conf.deeplink.endpoints.teamsURL
- "accountsURL" .Values.nginx_conf.deeplink.endpoints.accountsURL
- "websiteURL" .Values.nginx_conf.deeplink.endpoints.websiteURL
+ "backendURL" $nginxConf.deeplink.endpoints.backendURL
+ "backendWSURL" $nginxConf.deeplink.endpoints.backendWSURL
+ "blackListURL" $nginxConf.deeplink.endpoints.blackListURL
+ "teamsURL" $nginxConf.deeplink.endpoints.teamsURL
+ "accountsURL" $nginxConf.deeplink.endpoints.accountsURL
+ "websiteURL" $nginxConf.deeplink.endpoints.websiteURL
)
- "title" .Values.nginx_conf.deeplink.title
+ "title" $nginxConf.deeplink.title
}}
- {{- if hasKey .Values.nginx_conf.deeplink "apiProxy" }}
+ {{- if hasKey $nginxConf.deeplink "apiProxy" }}
{{- $_ := set $deeplink "apiProxy" (dict
- "host" .Values.nginx_conf.deeplink.apiProxy.host
- "port" .Values.nginx_conf.deeplink.apiProxy.port
- "needsAuthentication" .Values.nginx_conf.deeplink.apiProxy.needsAuthentication
+ "host" $nginxConf.deeplink.apiProxy.host
+ "port" $nginxConf.deeplink.apiProxy.port
+ "needsAuthentication" $nginxConf.deeplink.apiProxy.needsAuthentication
) }}
{{- end }}
{{ toJson $deeplink | indent 4 }}
- {{ $deeplink_html }}: |
+ {{ $deeplinkHtml }}: |
-
+
+ Deeplink for {{ $nginxConf.deeplink.endpoints.backendURL }}
+
- Click here for access
+ Click here for access
{{- end }}
- {{- if (hasKey $nginx_conf "additional_external_env_domains") }}
- {{- range $domain, $config := $nginx_conf.multi_ingress_deeplink }}
- {{- if (has $domain $nginx_conf.additional_external_env_domains) }}
+ {{- if (hasKey $nginxConf "additional_external_env_domains") }}
+ {{- range $domain, $config := $nginxConf.multi_ingress_deeplink }}
+ {{- if (has $domain $nginxConf.additional_external_env_domains) }}
{{- $backendURL := $config.endpoints.backendURL }}
- {{- $deeplink_json := $backendURL | replace "https://" "" | trimSuffix "/" | printf "%s-deeplink.json" }}
- {{- $deeplink_html := $backendURL | replace "https://" "" | trimSuffix "/" | printf "%s-deeplink.html" }}
- {{ $deeplink_json }}: |
+ {{- $deeplinkJson := $backendURL | replace "https://" "" | trimSuffix "/" | printf "%s-deeplink.json" }}
+ {{- $deeplinkHtml := $backendURL | replace "https://" "" | trimSuffix "/" | printf "%s-deeplink.html" }}
+ {{ $deeplinkJson }}: |
{{- $deeplink := dict
"endpoints" (dict
"backendURL" $config.endpoints.backendURL
@@ -86,7 +86,7 @@ data:
{{- end }}
{{ toJson $deeplink | indent 4 }}
{{ printf "\n" }}
- {{ $deeplink_html }}: |
+ {{ $deeplinkHtml }}: |
Deeplink for {{ $domain }}
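Review bot: `{{ $deeplinkHtml }}` is used directly as a ConfigMap data key, and the previous hunk derives it (and `$deeplinkJson`) from `backendURL` by stripping only `https://` and a trailing `/`. A backend URL with a port, a path or a different scheme would produce a key containing `:` or `/`, which the API server rejects at install time with an error that does not point back to the value. A render-time guard next to the derivation would make this explicit, for example `{{- if not (regexMatch "^[-._a-zA-Z0-9]+$" $deeplinkHtml) }}{{ fail (printf "deeplink key %q is not a valid ConfigMap key" $deeplinkHtml) }}{{- end }}`. The `range` block containing this line starts in the previous hunk.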
diff --git a/charts/openldap/templates/openldap.yaml b/charts/openldap/templates/openldap.yaml
index 3a0fdb9f08b..12274bdd601 100644
--- a/charts/openldap/templates/openldap.yaml
+++ b/charts/openldap/templates/openldap.yaml
@@ -8,6 +8,7 @@ metadata:
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
spec:
+ automountServiceAccountToken: false
topologySpreadConstraints:
- maxSkew: 1
topologyKey: "kubernetes.io/hostname"
diff --git a/charts/outlook-addin/templates/deployment.yaml b/charts/outlook-addin/templates/deployment.yaml
index 3a0ab24413d..4d61888a7f2 100644
--- a/charts/outlook-addin/templates/deployment.yaml
+++ b/charts/outlook-addin/templates/deployment.yaml
@@ -15,6 +15,7 @@ spec:
labels:
app: {{ include "outlook.fullname" . }}
spec:
+ automountServiceAccountToken: false
topologySpreadConstraints:
- maxSkew: 1
topologyKey: "kubernetes.io/hostname"
@@ -45,3 +46,10 @@ spec:
httpGet:
path: /
port: http
+ resources:
+ requests:
+ memory: "64Mi"
+ cpu: "10m"
+ limits:
+ memory: "256Mi"
+ cpu: "1"
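Review bot: The `resources` block added at the end of the container spec is written as literals in the template, so an operator cannot tune requests or limits per environment without patching the chart. The memory limit is a useful containment bound, but the hard CPU limit of `"1"` can cause throttling under load and is the value most likely to need adjusting. I would move these numbers into the chart's values as defaults and render them with something like `resources: {{- toYaml .Values.resources | nindent 12 }}`, where `.Values.resources` is a proposed key and the indent must match the container's nesting. The container definition starts outside this hunk.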
diff --git a/charts/wire-server/templates/background-worker/configmap.yaml b/charts/wire-server/templates/background-worker/configmap.yaml
index 49c0c3d38d7..5c6a5173bbb 100644
--- a/charts/wire-server/templates/background-worker/configmap.yaml
+++ b/charts/wire-server/templates/background-worker/configmap.yaml
@@ -104,10 +104,10 @@ data:
migrateConversationCodes: {{ .migrateConversationCodes }}
migrateTeamFeatures: {{ .migrateTeamFeatures }}
migrateConversationsOptions:
-{{toYaml .migrateConversationsOptions | indent 6 }}
+{{ toYaml .migrateConversationsOptions | indent 6 }}
backendNotificationPusher:
-{{toYaml .backendNotificationPusher | indent 6 }}
+{{ toYaml .backendNotificationPusher | indent 6 }}
{{- with .backgroundJobs }}
backgroundJobs:
{{ toYaml . | indent 6 }}
diff --git a/charts/wire-server/templates/brig/tests/brig-integration.yaml b/charts/wire-server/templates/brig/tests/brig-integration.yaml
index c2c9372217b..d9dd91b0551 100644
--- a/charts/wire-server/templates/brig/tests/brig-integration.yaml
+++ b/charts/wire-server/templates/brig/tests/brig-integration.yaml
@@ -48,12 +48,12 @@ spec:
- name: elasticsearch-ca
secret:
secretName: {{ include "brig.elasticsearchTlsSecretName" .Values.brig.config }}
- {{- end}}
+ {{- end }}
{{- if eq (include "useCassandraTLS" .Values.brig.config.cassandra) "true" }}
- name: "brig-cassandra"
secret:
secretName: {{ (include "brig.tlsSecretRef" .Values.brig.config | fromYaml).name }}
- {{- end}}
+ {{- end }}
{{- if .Values.brig.config.rabbitmq.tlsCaSecretRef }}
- name: "rabbitmq-ca"
secret:
@@ -119,7 +119,7 @@ spec:
{{- if eq (include "brig.configureElasticSearchCa" .Values.brig.config) "true" }}
- name: elasticsearch-ca
mountPath: "/etc/wire/brig/elasticsearch-ca"
- {{- end}}
+ {{- end }}
{{- if eq (include "useCassandraTLS" .Values.brig.config.cassandra) "true" }}
- name: "brig-cassandra"
mountPath: "/etc/wire/brig/cassandra"
diff --git a/charts/wire-server/templates/cargohold/deployment.yaml b/charts/wire-server/templates/cargohold/deployment.yaml
index 10fca7259ed..40b6c475508 100644
--- a/charts/wire-server/templates/cargohold/deployment.yaml
+++ b/charts/wire-server/templates/cargohold/deployment.yaml
@@ -28,6 +28,7 @@ spec:
checksum/secret: {{ include (print .Template.BasePath "/cargohold/secret.yaml") . | sha256sum }}
spec:
serviceAccountName: {{ .Values.cargohold.serviceAccount.name }}
+ automountServiceAccountToken: false
topologySpreadConstraints:
- maxSkew: 1
topologyKey: "kubernetes.io/hostname"
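Review bot: `automountServiceAccountToken: false` is added directly below `serviceAccountName: {{ .Values.cargohold.serviceAccount.name }}`, and nothing in the hunk records why the pod keeps a dedicated service account while no longer receiving its API token. If the account exists only for cloud workload identity (an assumption, the hunk does not show it), those credentials usually arrive through a separate mechanism and should be unaffected, but that is worth verifying in a deployment that relies on it. I would add a comment above the new line such as `# API token not mounted: cargohold does not call the Kubernetes API; service account kept for <reason>`. The same field is set in the backoffice, k8ssandra-test-cluster, openldap and outlook-addin hunks, where no `serviceAccountName` is visible.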
diff --git a/charts/wire-server/templates/galley/configmap.yaml b/charts/wire-server/templates/galley/configmap.yaml
index 1afe5e88786..77f6d58469e 100644
--- a/charts/wire-server/templates/galley/configmap.yaml
+++ b/charts/wire-server/templates/galley/configmap.yaml
@@ -85,7 +85,7 @@ data:
{{- else if .settings.multiIngress }}
multiIngress: {{- toYaml .settings.multiIngress | nindent 8 }}
{{- else }}
- {{ fail "Either settings.conversationCodeURI or settings.multiIngress have to be set"}}
+ {{ fail "Either settings.conversationCodeURI or settings.multiIngress have to be set" }}
{{- end }}
{{- if (and .settings.conversationCodeURI .settings.multiIngress) }}
{{ fail "settings.conversationCodeURI and settings.multiIngress are mutually exclusive" }}
diff --git a/charts/wire-server/templates/gundeck/configmap.yaml b/charts/wire-server/templates/gundeck/configmap.yaml
index 9f102742700..10be21c34e1 100644
--- a/charts/wire-server/templates/gundeck/configmap.yaml
+++ b/charts/wire-server/templates/gundeck/configmap.yaml
@@ -48,7 +48,7 @@ data:
enableTls: {{ .redis.enableTls }}
insecureSkipVerifyTls: {{ .redis.insecureSkipVerifyTls }}
{{- if eq (include "gundeck.configureRedisCa" .) "true" }}
- tlsCa: /etc/wire/gundeck/redis-ca/{{ include "gundeck.redisTlsSecretKey" .}}
+ tlsCa: /etc/wire/gundeck/redis-ca/{{ include "gundeck.redisTlsSecretKey" . }}
{{- end }}
{{- if .redisAdditionalWrite }}
@@ -59,7 +59,7 @@ data:
enableTls: {{ .redisAdditionalWrite.enableTls }}
insecureSkipVerifyTls: {{ .redisAdditionalWrite.insecureSkipVerifyTls }}
{{- if eq (include "gundeck.configureAdditionalRedisCa" .) "true" }}
- tlsCa: /etc/wire/gundeck/additional-redis-ca/{{ include "gundeck.additionalRedisTlsSecretKey" .}}
+ tlsCa: /etc/wire/gundeck/additional-redis-ca/{{ include "gundeck.additionalRedisTlsSecretKey" . }}
{{- end }}
{{- end }}
diff --git a/charts/wire-server/templates/gundeck/deployment.yaml b/charts/wire-server/templates/gundeck/deployment.yaml
index b7d677c88c7..bc46a53ec0d 100644
--- a/charts/wire-server/templates/gundeck/deployment.yaml
+++ b/charts/wire-server/templates/gundeck/deployment.yaml
@@ -49,7 +49,7 @@ spec:
- name: "gundeck-cassandra"
secret:
secretName: {{ (include "gundeck.tlsSecretRef" .Values.gundeck.config | fromYaml).name }}
- {{- end}}
+ {{- end }}
{{- if eq (include "gundeck.configureRedisCa" .Values.gundeck.config) "true" }}
- name: "redis-ca"
secret:
diff --git a/charts/wire-server/templates/gundeck/tests/gundeck-integration.yaml b/charts/wire-server/templates/gundeck/tests/gundeck-integration.yaml
index b70752b3ead..f1a661b4a58 100644
--- a/charts/wire-server/templates/gundeck/tests/gundeck-integration.yaml
+++ b/charts/wire-server/templates/gundeck/tests/gundeck-integration.yaml
@@ -17,7 +17,7 @@ spec:
- name: "gundeck-cassandra"
secret:
secretName: {{ (include "gundeck.tlsSecretRef" .Values.gundeck.config | fromYaml).name }}
- {{- end}}
+ {{- end }}
{{- if eq (include "gundeck.configureRedisCa" .Values.gundeck.config) "true" }}
- name: "redis-ca"
secret:
diff --git a/charts/wire-server/templates/spar/tests/spar-integration.yaml b/charts/wire-server/templates/spar/tests/spar-integration.yaml
index 259018d6338..49b861e1c73 100644
--- a/charts/wire-server/templates/spar/tests/spar-integration.yaml
+++ b/charts/wire-server/templates/spar/tests/spar-integration.yaml
@@ -20,7 +20,7 @@ spec:
- name: "spar-cassandra"
secret:
secretName: {{ (include "spar.tlsSecretRef" .Values.spar.config | fromYaml).name }}
- {{- end}}
+ {{- end }}
containers:
- name: integration
image: "{{ .Values.spar.image.repository }}-integration:{{ .Values.spar.image.tag }}"